Assembly Language for Beginners


11.8. MY EXPERIENCE WITH HEX-RAYS 2.2.0


11.8.5 Data types


Data types are a problem for decompilers.


Hex-Rays can be blind to arrays on the local stack if they weren't set correctly before decompilation. The same
goes for global arrays.


Another problem is very big functions, where a single slot in the local stack can be used by several variables
across the function's execution. It is not a rare case for a slot to be used for an int variable, then for a pointer, then
for a float variable. Hex-Rays decompiles it correctly: it creates a variable with some type, then casts it to
another type in various parts of the function. I solved this problem by manually splitting the big
function into several smaller ones, by making local variables global, etc. And don't forget about
tests.


11.8.6 Long and messy expressions


Sometimes, during rewriting, you can end up with long and hard-to-understand expressions in if() constructs,
like:


if ((! (v38 && v30 <= 5 && v27 != -1)) && ((! (v38 && v30 <= 5) && v27 != -1) || (v24 >= 5 || v26)) && v25)
{

}


Wolfram Mathematica can minimize some of them using the BooleanMinimize[] function:


In[1]:= BooleanMinimize[(! (v38 && v30 <= 5 && v27 != -1)) && v38 && v30 <= 5 && v25 == 0]


Out[1]:= v38 && v25 == 0 && v27 == -1 && v30 <= 5


There is an even better way, which finds common subexpressions:


In[2]:= Experimental`OptimizeExpression[(! (v38 && v30 <= 5 &&
v27 != -1)) && ((! (v38 && v30 <= 5) &&
v27 != -1) || (v24 >= 5 || v26)) && v25]


Out[2]= Experimental`OptimizedExpression[ Block[{Compile$1, Compile$2}, Compile$1 = v30 <= 5;
Compile$2 = v27 != -1;! (v38 && Compile$1 &&
Compile$2) && ((! (v38 && Compile$1) && Compile$2) ||
v24 >= 5 || v26) && v25]]


Mathematica adds two new variables, Compile$1 and Compile$2, whose values are used several
times in the expression. So we can introduce two additional variables in the rewritten code as well.
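Whatever tool produced the shorter form, the rewritten condition should be proven equivalent to the decompiler's output before it replaces it, otherwise the rewrite silently changes program behaviour. The following is an added example (not code from the book or from Hex-Rays or Mathematica) that does this by exhaustive truth-table enumeration: each atomic comparison of the condition above (v38, v30 <= 5, v27 != -1, ...) is treated as an independent Boolean input, the original and rewritten expressions are evaluated on all assignments, and the first disagreeing assignment is reported. Treating the comparisons as independent is an assumption made here; it is conservative (it may report a counterexample that no real input can reach, but never misses a real one). The deliberately wrong candidate minimize_wrong is constructed for this example to show what a failed check looks like.

```python
from itertools import product


def truth_table(fn, nvars):
    """Evaluate fn on every assignment of nvars Booleans.

    Inputs are enumerated as (False, True) tuples in lexicographic order,
    the last variable varying fastest, so the table is reproducible."""
    return tuple(bool(fn(*bits)) for bits in product((False, True), repeat=nvars))


def counterexample(f, g, names):
    """Return the first assignment (as a dict keyed by atom name) on which
    f and g disagree, or None when they agree everywhere."""
    for bits in product((False, True), repeat=len(names)):
        if bool(f(*bits)) != bool(g(*bits)):
            return dict(zip(names, bits))
    return None


def equivalent(f, g, names):
    """True when f and g have identical truth tables over the named atoms."""
    return counterexample(f, g, names) is None


# --- BooleanMinimize[] example from the page (In[1] / Out[1]) ---------------
# Atom order: v38, v30 <= 5, v27 != -1, v25 == 0
MIN_ATOMS = ("v38", "v30 <= 5", "v27 != -1", "v25 == 0")


def minimize_in(v38, le5, ne1, eq0):
    # In[1]: (! (v38 && v30 <= 5 && v27 != -1)) && v38 && v30 <= 5 && v25 == 0
    return (not (v38 and le5 and ne1)) and v38 and le5 and eq0


def minimize_out(v38, le5, ne1, eq0):
    # Out[1]: v38 && v25 == 0 && v27 == -1 && v30 <= 5
    # (v27 == -1 is the negation of the atom v27 != -1)
    return v38 and eq0 and (not ne1) and le5


def minimize_wrong(v38, le5, ne1, eq0):
    # Constructed, plausible-looking but wrong hand rewrite: drops `v30 <= 5`.
    return v38 and eq0 and (not ne1)


# --- OptimizeExpression[] example from the page (In[2] / Out[2]) -----------
# Atom order: v38, v30 <= 5, v27 != -1, v24 >= 5, v26, v25
LONG_ATOMS = ("v38", "v30 <= 5", "v27 != -1", "v24 >= 5", "v26", "v25")


def long_in(v38, le5, ne1, ge5, v26, v25):
    # The if() condition exactly as Hex-Rays emitted it.
    return ((not (v38 and le5 and ne1))
            and ((not (v38 and le5) and ne1) or (ge5 or v26))
            and v25)


def long_cse(v38, le5, ne1, ge5, v26, v25):
    # The same condition with the two repeated subexpressions named,
    # mirroring Compile$1 and Compile$2 in Mathematica's Out[2].
    compile1 = le5          # Compile$1 = v30 <= 5
    compile2 = ne1          # Compile$2 = v27 != -1
    return ((not (v38 and compile1 and compile2))
            and ((not (v38 and compile1) and compile2) or ge5 or v26)
            and v25)


if __name__ == "__main__":
    print("In[1] == Out[1]:", equivalent(minimize_in, minimize_out, MIN_ATOMS))
    print("wrong rewrite counterexample:",
          counterexample(minimize_in, minimize_wrong, MIN_ATOMS))
    print("In[2] == Out[2]:", equivalent(long_in, long_cse, LONG_ATOMS))
```

Six atoms give only 64 assignments, so exhaustive enumeration is instant; it stays practical up to roughly twenty atoms, which covers any if() condition a human would rewrite by hand. For conditions with more atoms, or where the comparisons share variables (v25 and v25 == 0 above cannot both be chosen freely), a SAT or SMT solver over the actual integer variables is the next step.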


11.8.7 My plan



  • Split big functions (and don't forget about tests). Sometimes it's very helpful to form new functions
    out of big loop bodies.

  • Check/set the data types of variables, arrays, etc.

  • If you see an odd result or a dangling variable (one used before initialization), try to swap instructions
    manually, recompile, and feed the result to Hex-Rays again.


11.8.8 Summary


Nevertheless, the quality of Hex-Rays 2.2.0 is very, very good. It makes life much easier.
